The quantum resistant ledger has been running roughly a year and AFAIK has received some excellent praise and has received a lot of media coverage because of that, although your point about reusing addresses wouldn't be sufficient in my opinion because we are then relying on the chance of the address not being targeted rather than implementing a system which is completely quantum resistant. It is true that the less you reuse an address the less exposure it has on the public ledger and thus the less likely it is to be a target, although this doesn't completely prevent the address from being targeted due to it still being recorded on the address once they receive an amount. By implementing a quantum resistant algorithm we at least prevent this sort of attack from happening and there is no risk whatsoever, although I would agree that reusable addresses shouldn't be a thing and you should only be able to use new addresses every time for other privacy issues, but the way it's implemented into the blockchain right now is the user gets to decide what sort of privacy level they are comfortable with, which could possibly be the best approach if we are to stick with the decentralized way of Bitcoin and not limit users of it to specific rules.

The quantum resistant ledger (QRL) is only an example and there are many other projects which are doing different things with the end goal being the same: protecting the ledger from quantum computers. I disagree and think that being able to reuse an address is a security and privacy issue in its own right and has nothing to do with the freedom of the users to reuse the address. By allowing them to reuse addresses we are allowing them the opportunity to be stung, but I'm always going to support projects which allow more privacy and can combat cash in that sense, but I'm going away from the original point. Implementing a different algorithm might not be necessary until the very late stages of quantum computers and that would allow us to thoroughly test each algorithm while quantum computers are out, potentially even using quantum computers to find out the answers to our questions about how well it scales. The biggest concern with the QRL is that scalability might be a big issue and there is no way to really test that. We have the theory of it working and being able to scale up; however, as we all know, more solid theories in the past have been proven wrong. My point is that we could be implementing something which might not even protect us against our issues and then we would have to implement another system anyway, which each time is going to affect the adoption and short term value of the currency. The only real benefit of doing it several times over in a short period of time would be media coverage; other than that this would affect the daily users of Bitcoin and would be largely not beneficial to the system as a whole.

A lot of the discussion around post-quantum cryptography and how to protect against attacks from quantum computers is more 'how can we use conventional computers to protect against quantum attack', rather than 'how can we use quantum computers to protect against quantum attack.'

In this thread we have covered how quantum computers are superior to conventional computers only in certain ways and for certain types of problem, where they can use their quantum nature to effectively take calculation shortcuts. It has also been discussed how quantum computers might be bolted onto conventional computers in a manner similar to GPUs. But this can be done as defence as well as attack.

I am a long way from being an expert, but from my limited understanding of the basics of quantum mechanics I think that one possibly fruitful avenue to pursue is using quantum properties as a pre-emptive defence mechanism. There has already been a lot of work in this area, particularly in Quantum Key Distribution, which uses quantum indeterminacy to ensure that any act of measurement (eavesdropping) is always detected. As with any other 'arms race' type situation where you have two opposing sides competing against one another, there have been many attempts to circumvent and hack quantum cryptographic processes. Whilst these have sometimes been successful, this success is often down to exploiting vulnerabilities in the set-up rather than in the quantum processes themselves. I do wonder as the technology to both defend and attack improves, whether it will reach a point where there is a final barrier in that the laws of quantum mechanics, whether the uncertainty principle or quantum entanglement or some other facet, creates a system that is fundamentally impossible to hack.

However, just because the mass population doesn't have access to these superior quantum computers doesn't mean it's still not a threat. Governments, which are probably funding these quantum computers, are known to be pretty hostile towards Bitcoin and could use this to their advantage along with other things on their agenda.

I posted why I don't think this will happen above. In short, governments have bigger fish to fry than 'destroying' bitcoin. If a government were to use a QC to steal a bunch of bitcoins, it would serve as a warning to the rest of the world to upgrade to encryption algorithms that are quantum resistant. If a country were to have the ability to break ECDSA but doesn't attack bitcoin, it could silently collect/intercept encrypted data/secrets, and learn the secrets being protected by the now broken encryption.

The problem with reusing addresses is that once they have broadcast themselves onto the network they are then vulnerable to an attack from a quantum computer because they have exposed their public keys onto the network. This hash would then be susceptible to quantum computers by using factoring to break the encryption, and this is where I think the network could be improved without implementing a fully quantum resistant ledger by only allowing the use of an address once.

If you were to operate under the assumption that QCs will be used to attack bitcoin, what you describe will only be a temporary solution. Once QCs have enough qubits to calculate the private key within ~an hour, it will be unsafe to spend any coin. The reason is, it is common enough to see hour to 1.5 hour long blocks (the time between blocks) so that someone with a QC could start trying to break the private key of an address 'containing' a lot of coin that was spent within a few minutes from the time the last block was found, and double spend the transaction with a much larger fee once the private key is calculated. The attacker would be unsuccessful when the block time is less than an hour; however, a bitcoin user has no way of knowing the time until the next block will be found, so every transaction will be at risk.

I agree completely. If someone develops a quantum computer that can break existing encryption with ease, then there are much bigger targets than bitcoin. As mentioned by PrimeNumber7 above, if it becomes public knowledge that someone has hacked bitcoin and stolen say $1 million of coins, then crypto will take a nosedive and that $1 million will fall in value very very rapidly. If they steal $1 billion, then I'd be very surprised if they could cash it out to fiat before it lost most of its value.

We all know how volatile crypto prices can be, with even the merest suggestion of a rumour of bad news often enough to cause the whole market to tank. Something like a quantum hack would have a huge impact. If this hypothetical malicious actor with a quantum computer wants to make a huge amount of money, they could go after banks instead - that would be much more lucrative and probably easier. And if it's a government doing the hacking, then again it would be much more advantageous for them to hack a rival government (US vs China for example). They could wreak havoc, with infrastructure a likely target, but in theory any state secrets or corporate data would be vulnerable.

Finally we must also remember that one of the best things about crypto is that good coins are under continuous development, and defences against quantum attack will likely be in place long before it becomes a real risk. These coins are developed by some very smart and very tech-savvy people. If quantum computing becomes a threat, it won't take these people by surprise.

As I've mentioned before, I think that whilst a lot of work has gone into building quantum-resistant systems using classical computers, one of the best avenues of investigation is defence using quantum computers. There has been plenty of research into various methods of Quantum Key Distribution, and this research continues with approaches such as Kak’s three-stage protocol. Perhaps this will be quantum-attack-proof, or perhaps not. But the key here is that defence is actually moving faster than attack.

I get your point that you and primenumber7 are putting across, although let's not forget that Bitcoin has already had some very serious bugs in the past which involved basically printing off Bitcoin. This was a big thing at the time and luckily wasn't abused. You would think such negative press would have destroyed Bitcoin but it didn't. If money was stolen then Bitcoin would take a dive, but I wouldn't say it would be the end of Bitcoin. Cash is stolen every day and fiat currencies get printed off fairly regularly, but that doesn't stop people using it. Bitcoin has its strengths and, god forbid, we will probably have incidents such as the earlier issue with printing off Bitcoin. I use printing off as a comparison, but really you could double spend coins and keep them and therefore create Bitcoins out of thin air.

The hypothetical person with the quantum computer able to break traditional encryption would probably not go after banks for multiple reasons. First of all, banks would have definitely already switched to a quantum resistant encryption method, and also the person who has access to the quantum computer will probably not be an ordinary person. They will be involved with the government or one of the wealthy elite in the world. Think Facebook's CEO: while he may not agree with banks, him attacking a bank means prison. Whereas attacking Bitcoin is a little different; laws are different, and because you aren't attacking a centralized figure it is handled differently. Also we need to remember that the likes of Facebook's CEO would be in competition with Bitcoin as he is now releasing his own cryptocurrency. We do have enemies, even more than the banks out there, and unfortunately they are powerful enemies with seemingly unlimited funds.

I definitely agree with you that there will only be a few wealthy individuals that will have access to quantum computers, and although I think it's a good example that Mark Z would be a competitor against Bitcoin, I think it's fairly unrealistic in reality. Mark already has the marketing power and exposure that he needs for Libra and Bitcoin really isn't competing against him in that way. The only similarity they share is that it's a digital currency, but as far as I know Libra isn't generated using encryption techniques and therefore can't be considered a cryptocurrency. Besides, even if Bitcoin was a competitor, I think the platform both Facebook and Instagram give him will knock spots off Bitcoin's marketing techniques and he probably wouldn't have to invest as much into it compared to a quantum computer. I doubt he would have any other tasks to be completed with a quantum computer.

All mechanics are made by humans, bitcoin is made by humans, quantum computers are made by humans. Humans can make them, so humans can destroy them, adjust them, improve them to make them stronger. If someday quantum computers become really dangerous to bitcoin, then bitcoin core developers will find ways to improve bitcoin's source code and strengthen the protective mechanisms of the bitcoin network against potential attacks from quantum computers. Governments: I don't think we should over worry about governments. The history of bitcoin and crypto currencies shows that bitcoin was made by a man/woman, foundation/company, whatever, but it was definitely not made by government(s). My implication is that governments are always falling farther behind bitcoin core developers and crypto developers. They just want to use their power, legal power, to control the crypto currency world, but they will not completely reach their purposes. Additionally, governments are greedy to learn blockchain technology from @Satoshi Nakamoto, bitcoin core developers, and other crypto developers.

Hi all I thought I’d try to summarise Bitcoin's vulnerabilities to Quantum Computers, as well as some potential defences, and get it all in one post. Apologies for the wall of text, but hopefully it is useful...

Mining can potentially be much quicker with QCs.

The current PoW difficulty system can be exploited by a Quantum Computer using Grover’s algorithm to drastically reduce the number of computational steps required to solve the problem. The theorised advantage that a quantum computer (or parallelised QCs) have over classical computers is a couple of orders of magnitude, so ~x100 easier to mine. This isn’t necessarily a game-changer, as this QC speed advantage is likely to be some years away, by which time classical computers will surely have increased speed to reduce the QC advantage significantly. It is worth remembering that QCs aren’t going up against run-of-the-mill standard equipment here, but rather against the very fast ASICs that have been set up specifically for mining.

Re-used BTC addresses are 100% vulnerable to QCs.

Address Re-Use. Simply, any address that is re-used is 100% vulnerable because a QC can use Shor’s algorithm to break public-key cryptography. This is a quantum algorithm designed specifically to solve for prime factors. As with Grover’s algorithm, the key is in dramatically reducing the number of computational steps required to solve the problem. The upshot is that for any known public key, a QC can use Shor’s approach to derive the private key. The vulnerability cannot be overstated here. Any re-used address is utterly insecure.

Processed (accepted) transactions are theoretically somewhat vulnerable to QCs.

Theoretically possible because the QC can derive private keys from used addresses. In practice however processed transactions are likely to be quite secure as QCs would need to out-hash the network to double spend.

Unprocessed (pending) transactions are extremely vulnerable to QCs.

As above, a QC can derive a private key from a public key. So for any unprocessed transaction, a QC attacker can obtain the private key and then create their own transaction whilst offering a much higher fee, so that the attacker’s transaction gets onto the blockchain first, ahead of the genuine transaction. So block interval and QC speed are both crucial here – it all depends on whether or not a QC can hack the key more quickly than the block is processed.

Possible defences...

Defences using classical computers.

Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle, Momentum and Equihash.

Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS, but more promising (as far as I can tell) are the lattice-based approaches such as Dilithium, which I think is already used by Komodo.

Defences using quantum computers.

As I’ve said a few times, I’m more of a bumbling enthusiast than an expert, but exploiting quantum properties to defend against QC attack seems to me a very good idea. In theory properties such as entanglement and the uncertainty principle can offer an unbreakable defence. Again, people are busy researching this area. There are some quite astonishing ideas out there, such as this one.

I’ll leave it there. Apologies for all the external links, but hopefully this has summarised a few things.
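To make the three exposure classes in this summary (and the address re-use point raised earlier in the thread) concrete, here is an added Python audit over a constructed toy ledger; it is not code from any poster or project. It assumes P2PKH-style outputs, where the public key is only revealed when an input is signed and broadcast, and uses a truncated SHA-256 as a stand-in for HASH160.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class TxIn:
    prev_txid: str
    vout: int
    pubkey: str      # hex; sits in the scriptSig/witness, so public once broadcast


@dataclass
class TxOut:
    address: str
    amount: float    # BTC


@dataclass
class Tx:
    txid: str
    vin: List[TxIn]
    vout: List[TxOut]


def address_of(pubkey_hex: str) -> str:
    # Stand-in for Bitcoin's HASH160(pubkey) (assumption: any preimage-resistant
    # hash serves the audit, since the point is only that the address hides the key).
    return hashlib.sha256(bytes.fromhex(pubkey_hex)).hexdigest()[:40]


def audit(chain: List[Tx], mempool: List[Tx]) -> Dict[str, float]:
    """Split unspent value into the exposure classes the summary describes."""
    utxo: Dict[Tuple[str, int], TxOut] = {}
    exposed = set()                       # addresses whose pubkey is already on chain
    for tx in chain:
        for i in tx.vin:
            utxo.pop((i.prev_txid, i.vout), None)
            exposed.add(address_of(i.pubkey))
        for n, o in enumerate(tx.vout):
            utxo[(tx.txid, n)] = o
    # Pending spends: the key is public in the mempool but the move is unconfirmed,
    # so this value is in the race between key derivation and the next block.
    pending_keys = {(i.prev_txid, i.vout) for tx in mempool for i in tx.vin} & set(utxo)
    pending = sum(utxo[k].amount for k in pending_keys)
    rest = [o for k, o in utxo.items() if k not in pending_keys]
    hidden = sum(o.amount for o in rest if o.address not in exposed)  # hash only on chain
    reused = sum(o.amount for o in rest if o.address in exposed)      # re-used address
    return {"hidden_key": hidden, "reused_exposed": reused, "pending_race": pending}


# Constructed sample data: four keys, a coinbase, two confirmed spends, one pending.
PK_A, PK_B, PK_C, PK_D = ("02" + h * 32 for h in ("11", "22", "33", "44"))
ADDR = {k: address_of(k) for k in (PK_A, PK_B, PK_C, PK_D)}

SAMPLE_CHAIN = [
    Tx("cb", [], [TxOut(ADDR[PK_A], 50.0)]),
    # A spends and sends change back to itself: its pubkey is now public and it
    # still holds 20 BTC, the "re-used address" case.
    Tx("t1", [TxIn("cb", 0, PK_A)], [TxOut(ADDR[PK_B], 30.0), TxOut(ADDR[PK_A], 20.0)]),
    # B spends everything to fresh addresses C and D, whose keys have never appeared.
    Tx("t2", [TxIn("t1", 0, PK_B)], [TxOut(ADDR[PK_C], 25.0), TxOut(ADDR[PK_D], 5.0)]),
]
SAMPLE_MEMPOOL = [
    Tx("t3", [TxIn("t2", 0, PK_C)], [TxOut(ADDR[PK_D], 25.0)]),   # C's spend, unconfirmed
]


def sample_report() -> Dict[str, float]:
    return audit(SAMPLE_CHAIN, SAMPLE_MEMPOOL)


if __name__ == "__main__":
    for name, btc in sample_report().items():
        print(f"{name:15s} {btc:8.2f} BTC")
```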

Thanks cnut237! I was thinking of summarising the thread and what we have discussed in the reserve post I made, but I decided to just include useful quotes and links which I would like to hear more about and more differing opinions on if possible. I have moved this to Bitcoin development & technical discussion, hopefully finding a few new people who can expand on the ongoing discussion and hopefully provide new useful information.

I have done some research in this particular field of quantum physics myself and had come across Rajan and Matt Visser's proposed idea of implementing a blockchain which relied on transaction records being represented by pairs of entangled photons which would be ordered in a chronological way. Their idea is very smart, and preventing quantum computers from using data in the Blockchain by removing previous photons is a very unique solution to the problem. However, I am a little concerned that this complex blockchain would be too hard for the public to grasp and usability could be compromised. The most important thing with Bitcoin is getting people trusting the software and investing in it; with a solution as complex as this you would need a quantum computing degree to even grasp it, which could result in the loss of faith from the public due to the complexity of the Blockchain. Currently the Blockchain is fairly easy to understand and can be explained in a concise manner, but with an entangled photons based blockchain this would be lost.

This is one of my major concerns about Bitcoin being adopted by the masses. It's not the potential security risks, because they will be combated with various different techniques. It's the problem of making Bitcoin too hard to understand and therefore losing the trust of the general user.

A possible approach to deal with quantum threat would be a multi-tier encryption system. For small amounts (90% of the total) don't change anything, for medium amounts (9% of the total) use weaker and lighter Lamport signatures and for the rest use stronger and heavier Lamport signatures.
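An added example, not from the thread, of what 'lighter' versus 'heavier' Lamport signatures mean in the tiered scheme sketched above: the same hash-based one-time scheme at a 128-bit and a 256-bit security parameter, with the per-tier key and signature sizes and a hypothetical tier selector whose amount thresholds are assumed.

```python
import hashlib
import os
from typing import List, Optional, Tuple

Secret = Tuple[bytes, bytes]


def H(data: bytes, n: int) -> bytes:
    """SHA-256 truncated to n bytes; n=16 is the light tier, n=32 the heavy tier."""
    return hashlib.sha256(data).digest()[:n]


class Lamport:
    """Lamport one-time signature: one secret pair per bit of the message digest."""

    def __init__(self, n_bytes: int):
        self.n = n_bytes
        self.bits = 8 * n_bytes

    def keygen(self, rng=os.urandom) -> Tuple[List[Secret], List[Secret]]:
        sk = [(rng(self.n), rng(self.n)) for _ in range(self.bits)]
        pk = [(H(a, self.n), H(b, self.n)) for a, b in sk]
        return sk, pk

    @staticmethod
    def _bit(digest: bytes, i: int) -> int:
        return (digest[i // 8] >> (7 - i % 8)) & 1

    def sign(self, sk: List[Secret], msg: bytes) -> List[bytes]:
        # Reveals exactly one secret of each pair. Signing a second, different
        # message with the same key reveals more of them, which is why the key is
        # one-time and why XMSS/SPHINCS arrange many such keys in a tree.
        d = H(msg, self.n)
        return [sk[i][self._bit(d, i)] for i in range(self.bits)]

    def verify(self, pk: List[Secret], msg: bytes, sig: List[bytes]) -> bool:
        if len(sig) != self.bits:
            return False
        d = H(msg, self.n)
        return all(H(sig[i], self.n) == pk[i][self._bit(d, i)] for i in range(self.bits))

    def sizes(self) -> dict:
        """Why the heavy tier is 'heavier': key and signature grow with n squared."""
        return {"pubkey_bytes": 2 * self.bits * self.n, "sig_bytes": self.bits * self.n}


LIGHT = Lamport(16)   # 128-bit digest, 128 secret pairs
HEAVY = Lamport(32)   # 256-bit digest, 256 secret pairs

# Assumed thresholds for the small / medium / large split the post sketches.
SMALL_MAX_BTC = 0.1
MEDIUM_MAX_BTC = 10.0


def tier_for(amount_btc: float) -> Optional[Lamport]:
    """None means keep the existing (classical) signature scheme for small amounts."""
    if amount_btc <= SMALL_MAX_BTC:
        return None
    return LIGHT if amount_btc <= MEDIUM_MAX_BTC else HEAVY


def demo(amount_btc: float, msg: bytes) -> dict:
    """Sign a constructed message at the tier the amount selects and report sizes."""
    scheme = tier_for(amount_btc)
    if scheme is None:
        return {"tier": "classical"}
    sk, pk = scheme.keygen()
    sig = scheme.sign(sk, msg)
    return {"tier": "light" if scheme is LIGHT else "heavy",
            "valid": scheme.verify(pk, msg, sig),
            "tampered_valid": scheme.verify(pk, msg + b"x", sig),
            **scheme.sizes()}


if __name__ == "__main__":
    for amt in (0.05, 2.5, 500.0):
        print(amt, demo(amt, b"constructed payment message"))
```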

Looking at the time that man takes to answer many times, I would not be so positive; we never know what is being made secretly, like the USA's Area 51 and so on...

The biggest project to crack cryptography in WW2, ENIGMA, was something never thought of by the Germans, but ENIGMA was cracked.

Looking at the way bitcoin works now and who makes decisions, I would say maybe we are in danger; just look at the time we started to talk about scaling and the time it really scaled (not yet).

Cracking bitcoin could be a good project for all governments to prove they are right about Bitcoin not being a good thing, and governments have a lot of resources!

We all know that Quantum Computing could significantly improve the power of computers. Imagine that you are using this technology to have multiple nodes/computers. Then having those various computers, maybe roughly the amount of "enough users" to accept a new software that probably coded a bug or an exploit. Would we ever arrive at the part where Bitcoin has already formed to the right software where it could prevent this type of attack? Could bitcoin also recover? I think if this is successful, more trust would be broken not just with Bitcoin, but with Cryptocurrencies in general. It is knowing that there are a lot of people who don't understand this type of subject matter.

Anyway, why believe that Quantum Computing will end Bitcoin? Why not help it?

Bitcoin can answer a crack; that was done before with a rollback, but some attacks would be bad for the business and could be complete chaos for a while.

Hope the guys in command know what they are doing. IOTA, for example, was launched as anti-Quantum Attack; hope bitcoin improves in time.

With the amount of transactions bitcoin currently has, >300k/day, a rollback is almost impossible. Planning a rollback and getting everyone to agree with it would take some time, and what would you do with the >300-2000k transactions that were confirmed before the rollback? There is a lot of money moving in bitcoin. How can anyone justify cancelling that many transactions? Imagine: you sell your car for bitcoins, wait for it to confirm, hand over your car, and then the next day you don't have your coins anymore. What would that do to the reputation of bitcoin?

Maybe, if there would be a HUGE theft that would be noticed immediately, but that would have to be REALLY huge. I can't imagine such a thing happening anymore. When a rollback was done bitcoin was a lot smaller and there weren't as many transactions then. And the bug would have destroyed bitcoin if it had not been fixed. (Someone created ridiculous amounts of new bitcoins from nothing. IF I remember correctly he created hundreds of millions of bitcoins... so something had to be done.)

It's not a crack that I'm talking about; it's physically tricking the network or something like that. I doubt that it's going to work, but in theory it sounds plausible. That's why I suggested, instead of using quantum computers to make normal computers and hashes obsolete, why not make them more powerful using that technology? It's far ahead into the future, but it's better than destroying things.

That's the thing, you can't. Maybe if we are talking about theories, certainly, we can but it's all a theory unless you have enough power to hack everything and Bitcoin would turn inside out and all those things that you sold for BTC, wouldn't be worth it anymore. That's only true if it happens, which is impossible to do.

We will never know unless something happens unexpectedly; knowing the will of other people just to destroy other people's hard work, it's just the reality anymore. What we need to worry about is what hackers do with their knowledge.

Due to the imaginary nature of quantum physics, people easily get confused.

And using that imagination, computers were invented. Imagine living in the 1800s; they probably imagined how they were going to talk to other people from the other side of the world. How is mathematics going to be easy? I wish there were some machine or equipment for that.

Don't be so negative with things that are not yet adequately realized. It all starts with a theory and a what-if.

It's hard yet to realize since there are only two ways to do quantum computing and you need an expensive device to experiment. It needs to be in a vacuum chamber etc. The human race would get there, for sure. (unless we have destroyed our home, Earth) Lol

When devs are getting their hands on these devices, can't a counter-defence (or attack) be introduced by them, even at their understanding of 2 qubits, to help figure out what type of actual attacks can destruct the memorandum code for Bitcoin? Can it be just attacking the value of Bitcoin, or will it also destroy the whole economy? Considering that over 84% of BTC has already been mined, I see it to be least affecting the niche, but the thing is, Bitcoin is still 'not fully, but to some extent' vulnerable to this type of *imagination* and we should prepare ourselves for the situation if it occurs in the near future. Why not find out a technology that can prevent us from the attacks of QC? If QC and other things were imagined and have become truth now, there must be something that can abolish their twitches and burst the bubble before it becomes too big to stop you from breathing.